REMARKS

This Application has been carefully reviewed in light of the Final Office Action 
mailed May 31, 2007 (the "Office Action"). At the time of the Office Action, Claims 1, 3,
5-8, and 24-32 were pending, and the Examiner rejected Claims 1, 3, 5-8, and 24-32.
Applicants have amended Claim 32 and have added Claims 33, 34, and 35. Applicants 
respectfully request reconsideration and favorable action in this case. 

Section 101 Rejections 

The Office Action rejects Claim 32 under 35 U.S.C. § 101 as allegedly being directed 
to non-statutory subject matter. Applicants have amended Claim 32 in a fashion whereby the 
Examiner's objections under 35 U.S.C. § 101 have been rendered moot. Accordingly, 
Applicants respectfully request the Examiner to withdraw the rejection of Claim 32 under 35 
U.S.C. § 101. 

Section 112 Rejections 

The Office Action rejects Claim 32 under 35 U.S.C. § 112, second paragraph, as 
allegedly being indefinite for failing to particularly point out and distinctly claim the subject
matter which Applicants regard as the invention. Applicants have amended Claim 32 in a 
fashion whereby the Examiner's objections under 35 U.S.C. § 112 have been rendered moot. 
Accordingly, Applicants respectfully request the Examiner to withdraw the rejection of Claim 
32 under 35 U.S.C. § 112. 

Section 103 Rejections 

The Examiner rejects Claims 1, 3, 5-8 and 24-32 under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over an article entitled "Security Services Markup Language" 
by Mishra et al. ("Mishra") in view of an article entitled "Security Assertions Markup 
Language Straw-man Architecture" by Phillip Hallam-Baker ("Hallam-Baker"). Applicants
respectfully traverse these rejections. 

ATTORNEY DOCKET NO. 063170.6567
PATENT APPLICATION USSN: 10/626,208

Claim 1 is directed to a method wherein a first request to grant a web service
customer access to a first web service is intercepted at an agent residing between the web
service customer and the first web service and between the web service customer and a
second web service. One or more authentication credentials of the web service customer are
collected at the agent, and it is determined at the agent whether the web service customer is
authenticated and authorized. If the web service customer is authenticated and authorized, 
the first request is granted at the agent; the creation of a session and a session ticket is 
initiated at the agent; a session ticket ID for the session ticket is obtained at the agent; and the 
session ticket ID and a public key are encrypted into an assertion at the agent. In further 
accordance with the method, a second request (comprising the assertion and a public key) to 
grant the web service customer access to a second web service is intercepted at the agent. If 
the private key matches the public key in the assertion, the second request is granted at the 
agent without reauthenticating or reauthorizing the web service customer. Similar to Claim
1, Claims 26 and 32 each include limitations generally directed to initiating the creation of a
session and a session ticket, and obtaining a session ticket ID for the session ticket at an
agent. Neither Mishra nor Hallam-Baker, alone or in combination, disclose, teach, or suggest
each of these limitations. 

For example, Claim 1 recites, "at the agent . . . initiating creation of a session and a 
session ticket [and] obtaining a session ticket ID for the session ticket . . . ." The Examiner
contends that Mishra discloses these limitations and supports the rejection of these limitations 
by broadly pointing to nine pages of Mishra. See Office Action, page 3 (citing Mishra, 
sections 3.1, 4.1, and 4.3). Mishra "defines Security Services Markup Language (S2ML), a 
protocol for two security services: authentication and authorization." See Mishra section 1, 
page 1. However, Mishra explicitly states, "protocols for creation and management of user
sessions are outside the scope of S2ML 1.0." See Mishra, Section 2.5, page 7. Applicants 
respectfully contend that the Examiner's position is untenable because the limitations "at the 
agent . . . initiating creation of a session and a session ticket [and] obtaining a session ticket 
ID for the session ticket" are not disclosed by "protocols for creation and management of user 
sessions [that] are outside the scope of S2ML 1.0." By its own admission, Mishra does not 
disclose the limitations of Claim 1. 

Moreover, the cited portions of Mishra recite, "User logs onto Site A . . . . [B]ased on 
the information provided at log-in time by the user, Site A generates a S2ML name assertion 
and one or more entitlements." See Mishra section 3.1, page 7. Applicants respectfully 
contend that the cited portions of Mishra do not support the Examiner's rejection because a 
scenario wherein "Site A generates an S2ML name assertion" does not disclose "at the agent
. . . initiating creation of a session and a session ticket [and] obtaining a session ticket ID for
the session ticket . . ." as required by Claim 1. Furthermore, to the extent that the Examiner
intends to maintain these rejections, Applicants respectfully request that the Examiner more 
specifically support these rejections with, for example, applicable page numbers. 

Applicants respectfully contend that the deficiencies of Mishra are not accounted for 
by the teachings of Hallam-Baker. For instance, the portions of Hallam-Baker cited by the 
Examiner describe "Session Management." See Hallam-Baker Section 5.4, page 9. 
However, the "Session Management" section of Hallam-Baker does not disclose, teach, or 
suggest the limitations, "at the agent . . . initiating creation of a session and a session ticket
[and] obtaining a session ticket ID for the session ticket . . ." as required by Claim 1.
Accordingly, Applicants respectfully contend that Claim 1 and all its dependent claims are in 
condition for allowance. For similar reasons, Applicants respectfully contend that Claim 26 
and Claim 32 and each of their dependent claims are in condition for allowance. 

Claim 7 is directed to a method wherein a request to grant a web service customer 
access to a first web service is intercepted by an agent that resides between the web service 
customer and the first web service and between the web service customer and a second web 
service. The request includes an encrypted assertion and a private key, and the encrypted
assertion includes a session ticket ID for a session ticket. According to the method, the
session ticket ID was obtained prior to the request and was obtained in response to
authentication and authorization of the web service customer for access to the second web
service. If the private key matches the public key in the assertion, the second request is
granted at the agent without reauthenticating or reauthorizing the web service customer. Neither
Mishra nor Hallam-Baker, alone or in combination, disclose, teach, or suggest each of these
limitations. 

For example, Claim 7 recites, "intercepting at an agent a request ... the request 
comprising an encrypted assertion and a private key, the encrypted assertion comprising a 
session ticket ID for a session ticket obtained prior to the request." The Examiner did not 
address these limitations in the Office Action. Nonetheless, Mishra is silent with respect to "a 
request" that comprises an "encrypted assertion" including "a session ticket ID for a session 
ticket obtained prior to the request" as required by Claim 7. Accordingly, Applicants 
respectfully contend that Claim 7 and all of its dependent claims are in condition for 
allowance. 

CONCLUSION



Applicants have made an earnest attempt to place this case in condition for allowance. 
For the foregoing reasons, and for other apparent reasons, Applicants respectfully request full 
allowance of all pending Claims. If the Examiner feels that a telephone conference or an 
interview would advance prosecution of this Application in any manner, the undersigned 
attorney for Applicants stands ready to conduct such a conference at the convenience of the 
Examiner. 

Applicants believe no fee is due. However, should there be a fee discrepancy, the 
Commissioner is hereby authorized to charge any required fees or credit any overpayments to 
Deposit Account No. 02-0384 of Baker Botts L.L.P. 



Respectfully submitted, 



BAKER BOTTS L.L.P.




Luke J^ecrersen 
Reg. No. 45,003 
Tel. 214.953.6655 